Cyber-attackers Bypassed Multi-Factor Authentication To Compromise Cloud Services Accounts

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that hackers have managed to bypass multi-factor authentication (MFA) protocols to breach cloud service accounts.

CISA said it was aware of several incidents wherein hackers have used “phishing and other vectors to exploit poor cyber hygiene practices within a victims’ cloud services configuration.”

“The cyber threat actors involved in these attacks used a variety of tactics and techniques—including phishing, brute force login attempts, and possibly a ‘pass-the-cookie’ attack—to attempt to exploit weaknesses in the victim organizations’ cloud security practices,” said the CISA Analysis Report AR21-013A.

CISA explained that some hackers spoofed file hosting services and other legitimate vendors to harvest log-ins, which were then used to phish other members of the organization with higher credentials.

To bypass a cloud service's MFA, hackers reportedly used the ‘pass-the-cookie’ method, hijacking an already authenticated session with stolen session cookies to gain access.
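Because a replayed cookie carries a session that has already passed MFA, defenders look for the same session being presented by a different client. The sketch below is an added example, not code from CISA or the report; the event format, field names and severity labels are assumptions, and the log lines are constructed.

```python
# Constructed sign-in/request events (not taken from the CISA report).
# Fields: timestamp, session_id, user, source_ip, user_agent, event
EVENTS = [
    ("2021-01-13T09:00:02Z", "s-1001", "alice", "198.51.100.10", "Edge/87 Windows", "mfa_success"),
    ("2021-01-13T09:01:15Z", "s-2002", "bob", "192.0.2.5", "Chrome/87 macOS", "mfa_success"),
    ("2021-01-13T09:05:30Z", "s-1001", "alice", "198.51.100.10", "Edge/87 Windows", "request"),
    ("2021-01-13T09:20:41Z", "s-1001", "alice", "203.0.113.77", "python-requests/2.25", "request"),
    ("2021-01-13T09:21:03Z", "s-1001", "alice", "203.0.113.77", "python-requests/2.25", "request"),
    ("2021-01-13T09:30:00Z", "s-2002", "bob", "192.0.2.5", "Chrome/87 macOS", "request"),
    ("2021-01-13T10:00:00Z", "s-2002", "bob", "192.0.2.99", "Chrome/87 macOS", "request"),
]


def find_session_reuse(events):
    """Flag sessions whose cookie is presented by a client other than the
    one that completed MFA. Returns (session, user, time, ip, severity)."""
    origin = {}       # session_id -> (ip, user_agent) that passed MFA
    reported = set()  # (session_id, ip, user_agent) already flagged
    findings = []
    # ISO-8601 UTC timestamps sort chronologically as plain strings.
    for ts, sid, user, ip, ua, event in sorted(events):
        if event == "mfa_success":
            origin[sid] = (ip, ua)
            continue
        if sid not in origin:
            # No MFA event for this session in the log window.
            severity = "unverified"
        else:
            ip_changed = ip != origin[sid][0]
            ua_changed = ua != origin[sid][1]
            if not (ip_changed or ua_changed):
                continue  # same client that authenticated
            if ip_changed and ua_changed:
                severity = "high"    # different network and different client
            elif ua_changed:
                severity = "medium"  # client software changed mid-session
            else:
                severity = "low"     # IP change alone is often benign roaming
        if (sid, ip, ua) in reported:
            continue  # one finding per foreign client per session
        reported.add((sid, ip, ua))
        findings.append((sid, user, ts, ip, severity))
    return findings


if __name__ == "__main__":
    for finding in find_session_reuse(EVENTS):
        print(finding)
```

A finding is a triage signal rather than proof of compromise; pairing it with short session lifetimes and re-authentication on client change limits how long a stolen cookie stays useful.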

CISA clarified that the recent attacks were not attributed to a threat actor or linked to the recent SolarWinds hack.

CISA advised organizations using cloud services to follow the recommendations provided in its report to prevent any breaches.


© Fourth Estate® — All Rights Reserved.
This material may not be published, broadcast, rewritten or redistributed.